Hi reddit, I hope this is the right place to ask this question.
Basically, I work from home and my work has a VPN server that we need to connect to using FortiClient in order to access our work environment. In order to do any work I need to be connected to the work VPN. However, I am going to be leaving the country for the rest of the year to stay in another country. Unfortunately, my work is not accepting of this and doesn’t want me to go. For personal reasons, it is very important for me to go there, but I don’t want my company to know that I am going against their wishes.
I need to mask my IP so that it seems like I am still in my home country and not working from a different country. Is there any way to accomplish this? I tried to use two VPN Clients, connecting to a VPN with an IP from my home country and then connecting with the FortiClient to the work VPN but it just caused both VPNs to not be able to work.
An alternative solution I was thinking might be to set up a VPN based in my home country on my phone, and use my mobile data as a wifi hotspot and then connect to the internet via my phone.
Is there any way to make it seem like my IP address is located in a different country when connecting to my work VPN?
I’m a complete beginner when it comes to VPNs and networking so I really don’t know. In all likelihood no one from the IT department is going to bother to check my IP to see where I’m working from, but I wanna be covered in case they somehow do, for example if the VPN flags suspicious activity coming from a foreign country or something of that sort. Would anybody in an IT department be looking at my IP to check which country it is coming from, or am I just being paranoid here?
I really appreciate any help.
And please spare me moral lectures about how I shouldn’t be lying to my company and trying to hide where I am from. I know that.
Thanks!
You could leave your work machine in your home country, and remote into it with another machine that you bring with you. Then you would just VPN from your work machine to your work.
This would leave you a consistent GeoIP location as well.
Lying to your work seems like a great idea. You probably won’t get caught. /s
A slightly different approach would be to get a basic Aruba controller like a 7005 and an AP set up as a RAP - that sets up a hardware tunnel to your home network, and then you can just fire up the VPN client just like you normally would. Then you don’t have the issue of fiddling with nested VPN clients.
You can probably accomplish a similar hardware tunnel with a couple of RPi units, but it’s a bit more complicated.
might also be able to do it as a unifi site to site VPN
What you want is super easy. Set up a WireGuard server or OpenVPN server at your house. With my work for example I have to authenticate with an app in order to sign in to Remote Desktop. But the app tracks GPS (must give it location permissions to work) so even if IP address return normal, if the GPS doesn’t match at all then it denies me entry. Of course I could root my phone or use a rooted phone where I can falsify my GPS coordinates so still possible to get around….And no, an IT person couldn’t know where your true IP is if you’re using a VPN. They might get HTTP header info such as your time zone but that should match that of VPN ok that case. I’m not saying you should do it, but yes you could do it like most things .
That’s actually a great idea. Would I be able to remotely turn my work laptop on/off?
Also if you have any resources to set this up that would be greatly appreciated
I will be gone for about 5 months and will still be paying the same taxes in my home country I usually pay, not long enough to be considered residing somewhere other than my home country (less than 6 months). My employer also has offices and employees from countries around the world, not the one that I am going to but still I don’t think there is any major issues there. I understand that it’s a bad idea and many things can go wrong, but I’m still willing to take the risk and do it. I pray nothing does go wrong, but if it does I’ll probably get fired and it’ll be my own fault. That’s just how life goes.
That sounds like exactly what I need. Thanks! Do you have any resources on how to get it set up?
Uh, typically you would just leave your work laptop on. Also it would help to have someone around that could help just in case the machine shuts down or the tunnel doesn’t come back up.
Easiest thing to do would be to get a Raspberry Pi, create a wireguard VPN server on the Pi. You would expose the Pi to the internet as your VPN tunnel. Then you would just use something like remote desktop to get into your work machine. I would also consider installing something like Teamviewer or ScreenConnect as a backup just in case your Pi is having issues.
A raspberry pi can accomplish this. They’re cheap ($35) computers. With a pi, you can install PiVPN - https://www.pivpn.io/ . The installer is very intuitive.
Once setup, you can connect to your home VPN, and then use remote desktop to connect to your work machine. This should make your work machine connect to your office from your home.
Honestly, nested VPNs aren’t the sort of thing you’ll find step by step guides for. You’re well into “learn about networking and figure it out for yourself” territory.
I’d run OpenVPN on an openwrt router, and set it up to send all internet traffic over the VPN. Then I’d plug my work system into the router and run the Fortinet client as normal.
Wrangling two VPN clients on one system would be fiddly.
easy, turn on the first VPN, then turn on second. Create your own VPN using OpenVPN or wireguard if you wish
Also SSH tunneling works, this is what /u/TangerineAlpaca suggested
Great, I appreciate the help. I do have family at home in case something goes wrong or a manual reboot is necessary. This seems like a great solution, hopefully my limited tech ability is able to figure it out.
One question, if I were to simply use TeamViewer and connect to my work laptop stationed at home from my personal laptop stationed in another country. Then remotely operating my work computer connect to the work VPN as normal without going through the VPN server on the Raspberry Pi. Would my IP address show up as my home network as it usually would if I were operating the computer myself physically rather than remotely. Or would the IP be somehow different and show that I am in a seperate country?
Basically, if I can’t get the Raspberry Pi server set up or it crashes and I need to just go with plain old TeamViewer, would they be able to detect that I am connecting to the VPN from a different country, or would everything seem as normal and I would be protected?
Thanks!
Teamviewer would work. Just less elegant. It’s great for a backup but it would suck to use that the whole time IMO.
The IP address of your work laptop (as shown to your work) would be the same as your home internet at all times. Either using a VPN to remote into it, or using TeamViewer.
no problem! i would suggest testing with a mobile hotspot before you leave to make sure it’s working right. 
you’ll need to forward a port in your router to the home vpn server
Would I be able to remotely turn my work laptop on/off?
nope, the computer would need to stay on for your entire trip. You can totally restart it, just don’t shut it down.
Cheers! Just ordered a Raspberry Pi so wish me luck
you’ll need to forward a port in your router to the home vpn server